General
Target: l4395013.exe
Size: 172KB
Sample: 230612-c8h17aae84
MD5: 606e63c23067d38546035db506aa56b5
SHA1: b07e107fc698d7b1a76481946fdbddd6f00751c2
SHA256: d8380cfbe52d86bd14126da3c5a4e72d5526ea33ca4ba51ad05eb74aa5813fc0
SHA512: 4a67982983ca32694dace98a13f09edbcbab02b1f038d83390a11d5cd5220909d796b9003e5d4ce3c19c9e08484721d13079fc9cce0f99520b9c1ed8a942702e
SSDEEP: 3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn
Behavioral task: behavioral1
Sample: l4395013.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
doro
83.97.73.129:19068
auth_value: 03f411441fb3fa233179c2cc8ffbce27
Targets
Target: l4395013.exe
Size: 172KB
MD5: 606e63c23067d38546035db506aa56b5
SHA1: b07e107fc698d7b1a76481946fdbddd6f00751c2
SHA256: d8380cfbe52d86bd14126da3c5a4e72d5526ea33ca4ba51ad05eb74aa5813fc0
SHA512: 4a67982983ca32694dace98a13f09edbcbab02b1f038d83390a11d5cd5220909d796b9003e5d4ce3c19c9e08484721d13079fc9cce0f99520b9c1ed8a942702e
SSDEEP: 3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.